British food and clothing retailer Marks & Spencer (M&S) has temporarily halted all online orders in the wake of a cyber-attack reported in the week beginning 21 April 2025.
The retailer suspended transactions on its websites and apps across the UK, Ireland, and some international platforms, according to a BBC report.
Go deeper with GlobalData
Physical stores are still operational despite the challenges facing their online services.
Marks & Spencer issued a statement addressing the situation: “As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps. Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.”
The disruption affected in-store process such as contactless payments and the retrieval of online orders.
Delays were also reported in fulfilling some click-and-collect orders.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalData“We informed customers on Tuesday that there was no need for them to take any action. That remains the case, and if the situation changes we will let them know. Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping,” the retailer reassured customers.
Amidst ongoing issues, M&S has been responding to customer inquiries on social media.
One reply highlighted that gift cards, e-gift cards and credit receipts are temporarily unusable for payments both in-store and online.
However, they assured another customer that items confirmed for collection via email could still be picked up in-store.
“We’re holding all parcels in store until further notice, so there’s no risk of it being sent back,” M&S communicated to a customer.
Following the cyber-attack announcement, M&S’ stock experienced a 5% decline.
